Facebook ruling affirms crucial principles of online privacy

Facebook won an important test case on Friday against the federal government, which was seeking to compel Facebook to wiretap calls on its Messenger app. Technology company executives and privacy advocates were tracking the case as governments increasingly take action to weaken encryption and extend their surveillance of internet-based communication.

While telephone calls must be given to law enforcement upon request, according to federal law, apps that strictly use internet infrastructure are currently exempt.

In this case, a joint federal and state task force was investigating MS-13 gang members, an international criminal organization often cited by President Trump as an example of the problems with US immigration policy. Public court documents show that law enforcement was intercepting phone calls and Messenger texts, but three Messenger calls were specifically cited as inaccessible to the police. The government moved to hold Facebook in contempt for refusing to provide the calls, and after hearing arguments last month, the court has now declined to do so.

Friday’s ruling was sealed from the public, but two people with inside knowledge of the ruling reported that the judge ruled in favor of Facebook’s decision to not reveal the calls. Neither prosecutors or Facebook representatives answered questions publicly on the matter, but the context of the decision and past statements gives some clues.

If Facebook had been forced to turn over the calls, in the process admitting it was technically able to do so given the end-to-end encryption used for the calls in question, it would have signaled to governments worldwide that even strong encryption can be breached on request. Not all Messenger conversations are encrypted this way, but a “secret conversation” option, available to users, puts the encryption in place.

Even if we accept that the US government will only use such power when appropriate and necessary, the global impact would also open these options for authoritarian governments, as UCLA professor John Villasenor points out writing for Forbes.

End-to-end encryption means data is encrypted at each endpoint, remaining encrypted as it is transmitted to the next endpoint. Law enforcement would need to acquire corresponding decryption keys for the data to be useful, according to Villasenor. Whether Facebook can access the keys themselves depends on how those keys are managed, but it’s clear Facebook would be unable to intercept the data in transit.

Facebook said in August that the only way to comply with the government’s request would be to rewrite the code that all users rely on to remove encryption, or if it hacks the calls targeted by the investigation, according to Reuters.

While phone calls already must be handed over to the government on their request, this surveillance has proven to be a slippery slope in the past. And scaling back this surveillance capability, as was done in 2015 in the wake of the Edward Snowden revelations, has not made society any less safe. The current exemption for certain forms of internet communication should not be viewed as a loophole that needs to be closed, but as a chance to avoid making the mistakes we’ve made in the past, and to instead take the Fourth Amendment more seriously.

Even without the data from the Messenger calls, charges have been brought against the targets of the investigation. At what point do compromises on privacy actually make society safer?

In a similar case in 2016, the government tried to force Apple to unlock the phone of a mass shooter in the San Bernardino, California incident. The broader issue was sidestepped when a third-party solution allowed the government to access the phone without Apple’s participation. Earlier this year, the Department of Justice found the FBI did not exhaust all of its other options to access the data before taking Apple to court.

Compelling companies like Facebook and Apple to compromise the privacy of their own users sets a dangerous precedent in itself. Complying with a reasonable request from the US government sets a precedent for complying with less reasonable requests from other governments in the future. There have been many chances in the twenty first century to learn these lessons about the dangers, and futility, of compromising privacy in the name of safety. But those lessons ultimately reaffirm what Benjamin Franklin already knew over two centuries ago: